Main Vulnerability Database Vulnerabilities #VU370

#VU370 Information disclosure in OpenSSL - CVE-2016-2183

Published: September 8, 2016 / Updated: March 31, 2023

Vulnerability identifier: #VU370

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2016-2183

CWE-ID: CWE-327

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
OpenSSL

Software vendor:
OpenSSL Software Foundation

Description

The vulnerability allows a remote attacker to decrypt transmitted data.

The vulnerability exists due to remote user's ability to control the network and capture long duration 3DES CBC mode encrypted session during which he can see a part of the text. In case of repeated sending the attacker can read the part and reconstruct the whole text.

Successful exploitation of this vulnerability may allow a remote attacker to decode transmitted data. This vulnerability is known as SWEET32.

Remediation

Update to version 1.1.0.

External links

https://www.openssl.org/news/changelog.html#x0

#VU370 Information disclosure in OpenSSL - CVE-2016-2183

Description

Remediation

External links

Please verify you're human